Nesting Groups For Single Or Multi Domain Forests

October 26, 2011

Managing users and computers within a Windows enterprise network makes up a large portion of a domain administrator's or helpdesk technician's day-to-day job. Groups within Active Directory provide a single point of management for users or computers, which eases the burden of managing identities. Two types of group are available within Active Directory when creating a group. The first is Security Groups, which assign permissions on the access control lists of files, folders or other resources. The second type [...]

Group Policy Loopback Policy Processing

October 19, 2011

I am currently reading a book on Windows Server 2008 and came across loopback policy processing, which is a really useful policy to implement in the appropriate environment. Loopback policy processing is a setting within Group Policy which allows user policies that are applied to targeted computers to take precedence over user policies which are applied to users in separate GPOs. This policy comes in very useful if you have client machines located in a communal area and you want [...]

Secure your network from unauthorised machines joining the domain

June 5, 2011

By default, Windows Server 2003 and upwards allows any authenticated user of a domain to add up to 10 machines to the domain without elevated user privileges, that is, users who are not members of any elevated security groups such as the Domain Admins or Account Operators groups. Because computer objects are security principals, this is extremely problematic where security is concerned: if a user were to add a computer to the domain, they would be able to manage the [...]

 
Personal Website by Marc Binns. Copyright © 2011 | Supported by WordPress and MySQL.